Computing Reviews
Security transformation: digital defense strategies to protect your company’s reputation and market share
McCarthy M., McGraw-Hill, Inc., New York, NY, 2002. Type: Book (9781401499426)
Date Reviewed: Dec 19 2002

The big picture of enterprise security architecture is examined in this book. It is written in a simple, easy-to-read style, and although some technical details are discussed, it is aimed primarily at upper management or those with minimal security knowledge. The author looks at the process of defining enterprise security architecture with a holistic approach, highlighting the necessity of designing and including security into the business model.

The book is divided into five parts. It begins with an interesting blackmail scenario based on a logic bomb that the author compares to the Y2K situation. Distributed denial of service (DDoS) attacks, sniffers, credit card theft, and viruses are examined next.

A number of real-world business enterprise models are then detailed, including Xlibris (an online publisher and distributor) and Covisint (an automobile OEM network). The author discusses how security has been an enabler in their models. The issue of trust is highlighted, particularly in the online banking and credit card industries, as well as the impact that a Web incident can have upon general online transactions, and the possible liabilities involved. The text emphasizes the fact that security is more than just a technological issue, and the need to instill security into culture, values, and behavior is discussed. Various measures and methods for prevention, detection, and response are provided. Next, there is a study of a fictitious company’s enterprise security architecture, along with a discussion of a number of technical concepts, and details regarding their initial risk assessment findings.

The text ends with a look at the current security climate, including a discussion of the issues faced today and in the future. Advances in technology and networks are addressed, as well as increasing concerns regarding privacy. Two appendixes are included that are excerpts from KPMG white papers, the first on strategies for success in e-business, and the second on e-commerce and cybercrime.

The book’s style is almost novel-like, although the sidebars that appear throughout, which simply reiterate passages, are more of a distraction than a benefit. It is refreshing to note that many of the examples provided are not the same old ones that appear in many other tomes. The fact that there are no references or citations, and only a very brief bibliography, may disappoint some.

For experienced security professionals, this book may only offer an interesting read, but for those with little or no experience, it provides an excellent route to understanding the issues involved in developing an enterprise security architecture.

Reviewer:  V. Stagg Review #: CR126766 (0303-0253)
Security and Protection (K.6.5)
Strategic Information Systems Planning (K.6.1 ...)

Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®